Fears are growing that Iran will unleash cyber warfare on U.S. companies if negotiators are unable to reach a nuclear deal by Monday that would require Tehran to limit its nuclear program.
Cyber-attacks from Tehran dropped after the U.S., Iran and other countries agreed to an interim nuclear deal in 2013, but observers expect a new offensive if discussions taking place in Vienna fall apart before a Nov. 24 deadline.
“It would be logical to conclude that if the talks fail completely, they’ll re-engage at the same level,” Rogers said.
U.S. financial firms, oil and gas companies and water filtration systems could be among the companies targeted.
“Out of any country on the planet, I can’t think of a country that has been more focused than Iran from the high levels of government on cyber, and that includes the United States,” said Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, which monitors critical infrastructure attacks.
The U.S. has yet to bear the full brunt of Iran’s rapidly developing cyber capabilities.
Researchers describe Iran as a close fourth behind the U.S., Russia and China in terms of its ability to launch cyber attacks.
“But they make up for it in their apparent willingness to go on the offensive,” said Kristen Eichensehr, an international security professor at the University of California, Los Angeles, School of Law and former State Department attorney.
Iran initially ramped up its cyber efforts in 2010, culminating with a barrage of simplistic attacks on the U.S. financial sector in 2012.
“Clearly, 2012 was the worst year that we saw of the Iranian effort,” Rogers said.
Still, those prolific attacks were easy to detect and relatively harmless.
Over the last two years, Iran has formed a Supreme Council of Cyberspace that meets once a month and includes President Hassan Rouhani.
Iranian officials also strengthened cybersecurity research partnerships with Russia, and have gone from being a nascent to a burgeoning cyber power.
An example of Iran’s new prowess was its ability to reverse engineer a U.S. drone it captured after the drone crashed within Iranian borders. It took advanced hacking techniques to access and understand the software within the drone.
U.S. officials cautioned last week they are suspect the quality is equal to that of the American drone.
Still, “it shows how bolstered their program really is,” said David Kennedy, CEO of information security company TrustedSec, which monitors cyber attacks. “That’s heavily sophisticated equipment.”
A recent report from cybersecurity firm FireEye also described how one popular Iranian hacking group went from website defacements in 2010 to “malware-based espionage” in a scant four years.
Iranian hackers reportedly went after oil giant Saudi Aramco, the world’s most valuable company, and deleted the contents of 30,000 computers. The same virus also hit Qatar-based liquid petroleum gas firm RasGas.
“It’s really important to understand,” Rogers said. “They have not abandoned their cyber operations around the world. They just have not.”
While the U.S. is bombarded with cyber attacks, it has never been the subject of a large-scale destructive attack. So far, Tehran’s hackers are mostly suspected of probing around U.S. infrastructure networks to understand their designs.
But that could change if the nuclear talks fall apart. And this time, an Iranian attack could be more advanced.
Kennedy thinks Tehran would use stealth malware to infiltrate bigger companies across more sectors.
Falling worldwide oil prices would also make U.S. oil companies an attractive target, Alperovitch said.
“That’s going to be a key interest of theirs,” he said.
While no security experts think Iran would launch a destructive attack on the U.S. if the nuclear talks dissolved, Tehran’s ability to embed malware in U.S. networks would give them the ability to do so.
“Once you’re in the system,” Alperovitch said, “it’s just a few keystrokes for you to delete those files.”
At a House hearing Thursday, National Security Agency Director Michael Rogers said China and “one or two” other countries are able to shut down portions of the U.S. critical infrastructure with a cyberattack. Researchers and Rep. Rogers suspect Iran might be on that list.
“My gosh, what if they actually hit one of our financial institutions and were able to take offline 30,000 computers and destroy and manipulate data in those networks?” Rogers said.
“That’s what keeps me up at night.”